11 matches found
CVE-2018-25352 WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id
WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...
EUVD-2019-2481
Malware in sbrugna...
EUVD-2004-2150
Malware in sbrugna...
CVE-2019-10687
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entryid0 parameter, the admin/index.php?module=log id parameter, or an index.php?View=print= request...
CVE-2024-9700
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.36.0 via the submitquizzes function due to missing validation on the 'entryid' user controlled key. This makes it...
SQL injection
SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entryid parameter...
phpComasy 0.9.1 (entry_id) SQL Injection Vulnerability
No description provided by source. phpComasyentryid SQL-injection Vulnerability Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de Vulnerability : SQL injection Google Dork : N/W -------------------------------------------------- ! Name : phpComasy ! Site : www.phpcomasy.com ! Download :...
phpComasy 0.9.1 - 'entry_id' SQL Injection
phpComasyentryid SQL-injection Vulnerability Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de Vulnerability : SQL injection Google Dork : N/W -------------------------------------------------- ! Name : phpComasy ! Site : www.phpcomasy.com ! Download :...
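MycroCMS 'entry_id' SQL Injection Vulnerability
BUGTRAQ ID: 29671 CNCAN ID:CNCAN-2008061305 MycroCMS is a PHP-based web application. MycroCMS does not properly handle user-supplied input; remote attackers can exploit the vulnerability to carry out SQL injection attacks, potentially obtaining sensitive information or manipulating the database. The problem is that the script does not filter user-supplied data in the 'entryid' parameter; a malicious SQL query supplied as the parameter data can change the original SQL logic, obtaining sensitive information or manipulating the database. MycroCMS 0.5 No solution is currently available: http://sourceforge.net/project/showfiles.php?groupid=227040...
Serendipity Lang.Inc.PHP Local File Inclusion Vulnerability
CVE: 2006-6242 Serendipity is a PHP-based web application. Serendipity does not properly filter user-supplied URI data; remote attackers can exploit the vulnerability to view system file contents with web privileges. The problem is that the 'Lang.Inc.PHP' script does not filter the user-supplied 'entryid' parameter; submitting parameter data that contains multiple "../" sequences can bypass the web root path restriction and view system file contents with web privileges. 0 S9Y Serendipity 1.0.3 S9Y Serendipity 0.9.1 S9Y Serendipity 0.8.2 S9Y Serendipity 0.8.1 S9Y...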
CVE-2004-2158
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entryid parameter to (1) exit.php or (2) comment.php...